06-26-2007, 02:32 AM   #3
Niazcro
Registered User
 
Join Date: Jun 2007
Posts: 8
OS: WinXP


Re: CPU Usage 100% when online

Deckard's System Scanner v20070611.50
Run by Teka on 2007-06-26 at 10:21:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2007-06-26 08:22:21 UTC - RP132 - Deckard's System Scanner Restore Point
35: 2007-06-26 05:48:29 UTC - RP131 - System Checkpoint
34: 2007-06-24 10:45:53 UTC - RP130 - System Checkpoint
33: 2007-06-23 06:29:32 UTC - RP129 - System Checkpoint
32: 2007-06-21 08:57:30 UTC - RP128 - System Checkpoint


-- First Restore Point --
1: 2007-05-18 12:25:49 UTC - RP97 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Teka.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:24:47, on 26.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Teka\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Teka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tportal.hr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tportal.hr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MAXadsl Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: T-Com - {640D51F7-EA3D-4F9A-A3A2-F803112C2C74} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tportal.hr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6F78B7-0E69-40CF-80E6-86A10019C6AC}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsrpp - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R1 atitray - c:\program files\radeon omega drivers\v3.8.221\ati tray tools\atitray.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 RMSPPPOE (WAN Miniport (PPP over Ethernet Protocol)) - c:\windows\system32\drivers\rmspppoe.sys <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 Mtlmnt5 - c:\windows\system32\drivers\mtlmnt5.sys <Not Verified; ; Modem>
S3 Mtlstrm - c:\windows\system32\drivers\mtlstrm.sys <Not Verified; ; Modem>
S3 NtMtlFax - c:\windows\system32\drivers\ntmtlfax.sys <Not Verified; ; Modem>
S3 Slntamr (SmartLink AMR_PCI Driver) - c:\windows\system32\drivers\slntamr.sys <Not Verified; ; Modem>
S3 SlNtHal - c:\windows\system32\drivers\slnthal.sys <Not Verified; ; Modem>
S3 SlWdmSup - c:\windows\system32\drivers\slwdmsup.sys <Not Verified; Vireo Software; Driver::Works>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Scheduled Tasks -------------------------------------------------------------

2007-06-26 09:30:00 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-06-19 11:22:00 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-06-06 20:14:55 384 --a------ C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job
2007-05-20 1139 390 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-05-26 and 2007-06-26 -----------------------------

2007-06-24 13:18:38 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-06-23 13:32:06 0 dr-h----- C:\Documents and Settings\Teka\Application Data\SecuROM
2007-06-23 13:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-06-10 15:56:21 0 d-------- C:\Program Files\Windows Live
2007-06-08 2233 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-06-07 20:17:59 0 d-------- C:\Documents and Settings\Teka\Application Data\AVG7
2007-06-07 20:17:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-06-07 20:16:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-07 20:16:37 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-06-06 20:14:24 0 d-------- C:\Documents and Settings\Teka\Application Data\RegSweep
2007-06-06 11:56:16 0 d-------- C:\WINDOWS\pss
2007-06-05 10:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-05 10:20:11 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-05 10:20:10 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-05 10:20:10 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-05 10:20:10 610304 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-05 10:20:10 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-05 10:20:02 0 d-------- C:\WINDOWS\CSC
2007-06-04 12:31:14 0 d-------- C:\Program Files\IObit
2007-06-03 10:30:01 0 d-------- C:\VundoFix Backups
2007-05-30 21:08:28 0 d-------- C:\Program Files\DivX
2007-05-27 15:05:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-27 13:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Saved Games
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Application Data\FloodLightGames
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2007-05-26 18:23:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-05-26 15:58:17 0 d-------- C:\extensions


-- Find3M Report ---------------------------------------------------------------

2007-06-26 10:21:25 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-06-24 13:12:38 0 d-------- C:\Program Files\sollab
2007-06-22 16:07:55 0 d-------- C:\Documents and Settings\Teka\Application Data\DMCache
2007-06-12 13:58:03 77312 --a------ C:\WINDOWS\ua2.dll
2007-06-10 15:56:22 0 d-------- C:\Program Files\Messenger Plus! Live
2007-06-04 11:39:06 0 d-------- C:\Documents and Settings\Teka\Application Data\Uniblue
2007-06-04 11:38:58 0 d-------- C:\Program Files\Uniblue
2007-06-01 20:35:08 0 d-------- C:\Program Files\Advanced Uninstaller
2007-05-30 21:47:28 0 d-------- C:\Program Files\Winamp
2007-05-30 21:08:48 5141 --a------ C:\WINDOWS\mozver.dat
2007-05-26 15:57:21 0 d-------- C:\Program Files\Yahoo!
2007-05-26 15:55:08 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-05-25 13:23:13 0 d-------- C:\Documents and Settings\Teka\Application Data\Comodo
2007-05-24 15:20:40 0 d-------- C:\Program Files\Comodo
2007-05-24 14:02:26 4 --a------ C:\WINDOWS\system32\C99967
2007-05-24 14:01:09 0 d-------- C:\Program Files\Common Files\Real
2007-05-24 14:00:38 0 d-------- C:\Documents and Settings\Teka\Application Data\Real
2007-05-24 14:00:35 0 d-------- C:\Program Files\Rhapsody
2007-05-23 20:46:24 81550 --a------ C:\WINDOWS\system32\mi2.exe
2007-05-20 17:11:33 0 d-------- C:\Documents and Settings\Teka\Application Data\uTorrent
2007-05-20 13:10:55 4096 --a------ C:\WINDOWS\d3dx.dat
2007-05-20 13:09:47 0 d-------- C:\Program Files\ReflexiveArcade
2007-05-20 1208 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-14 23:07:10 0 d-------- C:\Documents and Settings\Teka\Application Data\Screenshot Sender
2007-05-14 2337 0 d-------- C:\Program Files\MSN Messenger
2007-05-13 20:51:11 0 d-------- C:\Program Files\RSSOwl
2007-05-10 20:12:06 0 d-------- C:\Program Files\LimeWire
2007-05-10 19:37:48 0 d-------- C:\Program Files\Google
2007-05-02 20:53:28 0 d-------- C:\Program Files\Ashampoo
2007-05-02 20:52:05 0 d-------- C:\Program Files\Alwil Software
2007-04-29 15:42:08 0 d-------- C:\Program Files\Macrogaming
2007-04-29 12:45:53 0 d-------- C:\Program Files\SecondLife
2007-04-29 12:34:02 0 d-------- C:\Documents and Settings\Teka\Application Data\SecondLife
2007-04-28 20:52:09 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-04-28 11:13:42 0 d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2007-04-28 09:27:40 0 d-------- C:\Program Files\T-Com ADSL driver


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"Device Detector"="DevDetect.exe -autorun"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue SpeedUpMyPC"="C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe -s"
"msnmsgr"="~\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\Shell]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"NoFind"=dword:00000000
"StartMenuLogoff"=dword:00000001
"NoChangeStartMenu"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"MaxRecentDocs"=dword:0000000b
"NoStartMenuMFUprogramsList"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{CACA7731-9C77-464A-B1B7-462281DD8164}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrpp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WMIAPSRV


-- End of Deckard's System Scanner: finished at 2007-06-26 at 10:25:29 ---------
Attached Files
File Type: txt extra.txt (13.7 KB, 2 views)